Direct Code Injection Flaw in Sysinfo Product from Vendor
CVE-2006-1831

Currently unrated

Key Information:

CVE Published: 19 April 2006

What is CVE-2006-1831?

Sysinfo contains a direct static code injection flaw in sysinfo.cgi. By supplying a 'name' parameter value with a leading semicolon, remote attackers can execute arbitrary commands, potentially gaining unauthorized access to and control of affected systems. The issue affects Sysinfo 1.21 and potentially other versions up to 2.25, so users should upgrade to secure their environments.

EPSS Score

19% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
